8be19074d373973ac4f7e6a4da9e23d7e091547bb8f9c20a41a450c85d95784b

Analysis

max time kernel
150s
max time network
156s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
22/08/2024, 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bot.arm7.elf
Size

180KB
MD5

31f3bc2f737b48225a040cbd20d9d774
SHA1

75b1c75c6bd4e0dc32600fed9381563308e0033e
SHA256

8be19074d373973ac4f7e6a4da9e23d7e091547bb8f9c20a41a450c85d95784b
SHA512

a6bea34a4fcd2c86e32910d89d19d744363fb42566a429563e6bf2740a25c50bc19bf1273afea67a0d9c70b3e5df1463035e164a2b227ec1b26f3e75068a25d3
SSDEEP

3072:fmcRhj9ma1W9YHk9ah/QqXFggKkY7mo6HL/2p0o9M/RT7C7dT6:fmgh91W6E9ah/Qq1gB2oiL/U59M/RT7N

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M "	707	bot.arm7.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/38/cmdline	bot.arm7.elf
File opened for reading	/proc/326/cmdline	bot.arm7.elf
File opened for reading	/proc/762/cmdline	bot.arm7.elf
File opened for reading	/proc/24/cmdline	bot.arm7.elf
File opened for reading	/proc/686/cmdline	bot.arm7.elf
File opened for reading	/proc/1/cmdline	bot.arm7.elf
File opened for reading	/proc/4/cmdline	bot.arm7.elf
File opened for reading	/proc/27/cmdline	bot.arm7.elf
File opened for reading	/proc/730/cmdline	bot.arm7.elf
File opened for reading	/proc/742/cmdline	bot.arm7.elf
File opened for reading	/proc/19/cmdline	bot.arm7.elf
File opened for reading	/proc/723/cmdline	bot.arm7.elf
File opened for reading	/proc/747/cmdline	bot.arm7.elf
File opened for reading	/proc/735/cmdline	bot.arm7.elf
File opened for reading	/proc/763/cmdline	bot.arm7.elf
File opened for reading	/proc/31/cmdline	bot.arm7.elf
File opened for reading	/proc/35/cmdline	bot.arm7.elf
File opened for reading	/proc/143/cmdline	bot.arm7.elf
File opened for reading	/proc/710/cmdline	bot.arm7.elf
File opened for reading	/proc/733/cmdline	bot.arm7.elf
File opened for reading	/proc/8/cmdline	bot.arm7.elf
File opened for reading	/proc/33/cmdline	bot.arm7.elf
File opened for reading	/proc/487/cmdline	bot.arm7.elf
File opened for reading	/proc/668/cmdline	bot.arm7.elf
File opened for reading	/proc/682/cmdline	bot.arm7.elf
File opened for reading	/proc/25/cmdline	bot.arm7.elf
File opened for reading	/proc/34/cmdline	bot.arm7.elf
File opened for reading	/proc/338/cmdline	bot.arm7.elf
File opened for reading	/proc/720/cmdline	bot.arm7.elf
File opened for reading	/proc/743/cmdline	bot.arm7.elf
File opened for reading	/proc/22/cmdline	bot.arm7.elf
File opened for reading	/proc/683/cmdline	bot.arm7.elf
File opened for reading	/proc/754/cmdline	bot.arm7.elf
File opened for reading	/proc/12/cmdline	bot.arm7.elf
File opened for reading	/proc/28/cmdline	bot.arm7.elf
File opened for reading	/proc/30/cmdline	bot.arm7.elf
File opened for reading	/proc/732/cmdline	bot.arm7.elf
File opened for reading	/proc/741/cmdline	bot.arm7.elf
File opened for reading	/proc/734/cmdline	bot.arm7.elf
File opened for reading	/proc/751/cmdline	bot.arm7.elf
File opened for reading	/proc/753/cmdline	bot.arm7.elf
File opened for reading	/proc/16/cmdline	bot.arm7.elf
File opened for reading	/proc/334/cmdline	bot.arm7.elf
File opened for reading	/proc/757/cmdline	bot.arm7.elf
File opened for reading	/proc/21/cmdline	bot.arm7.elf
File opened for reading	/proc/17/cmdline	bot.arm7.elf
File opened for reading	/proc/740/cmdline	bot.arm7.elf
File opened for reading	/proc/728/cmdline	bot.arm7.elf
File opened for reading	/proc/7/cmdline	bot.arm7.elf
File opened for reading	/proc/47/cmdline	bot.arm7.elf
File opened for reading	/proc/221/cmdline	bot.arm7.elf
File opened for reading	/proc/706/cmdline	bot.arm7.elf
File opened for reading	/proc/711/cmdline	bot.arm7.elf
File opened for reading	/proc/32/cmdline	bot.arm7.elf
File opened for reading	/proc/10/cmdline	bot.arm7.elf
File opened for reading	/proc/23/cmdline	bot.arm7.elf
File opened for reading	/proc/58/cmdline	bot.arm7.elf
File opened for reading	/proc/237/cmdline	bot.arm7.elf
File opened for reading	/proc/323/cmdline	bot.arm7.elf
File opened for reading	/proc/2/cmdline	bot.arm7.elf
File opened for reading	/proc/36/cmdline	bot.arm7.elf
File opened for reading	/proc/738/cmdline	bot.arm7.elf
File opened for reading	/proc/9/cmdline	bot.arm7.elf
File opened for reading	/proc/15/cmdline	bot.arm7.elf

/tmp/bot.arm7.elf
/tmp/bot.arm7.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:707

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads